commit d32392249b1538e0b0a76f20bf602e683f636fb6
author Sunitha Harish <sunithaharish04@gmail.com> Wed Feb 24 15:33:29 2021 +0530
committer Ed Tanous <ed@tanous.net> Thu Mar 11 15:30:40 2021 +0000
tree 80c094bf67510ba4f352c6adbc5887fd3b7e0e48
parent efb8062c306474942bc94f15d748b2eb0b58fbb6

Redfish Session : Fix clientIp getting mapped to clientId

When the session is created using /login, the ClientOriginIPAddress
is mapped to the clientId parameter which displayed the clientIP
instead of the of clientId.
The similar problem is observed with auth methods other than sessions
created using the SessionService resource

This commit swaps the clientId and clientIp parameters passed to
generateUserSession API, so that the optional clientId is
passed as the last parameter

Tested by :
  1. Create session using Redfish command
     POST https://${bmc}/login -d '{"username": <>,"password": <>}'
     POST https://${bmc}/redfish/v1/SessionService/Sessions
        -d '{"username": <>,"password": <>}'
  2. Open the GUI session to check the clientId is not displaying the
  ClientOriginIPAddress

Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Change-Id: I6cee3de963c489e690d2ad0bb09ba78dca39e4f9

http/http_connection.hpp

diff --git a/http/http_connection.hpp b/http/http_connection.hpp
index d7b74ad..4482f8d 100644
--- a/http/http_connection.hpp
+++ b/http/http_connection.hpp
@@ -239,12 +239,12 @@
                 return true;
             }
             sslUser.resize(lastChar);
-
-            session =
-                persistent_data::SessionStore::getInstance()
-                    .generateUserSession(
-                        sslUser, persistent_data::PersistenceType::TIMEOUT,
-                        false, req->ipAddress.to_string());
+            std::string unsupportedClientId = "";
+            session = persistent_data::SessionStore::getInstance()
+                          .generateUserSession(
+                              sslUser, req->ipAddress.to_string(),
+                              unsupportedClientId,
+                              persistent_data::PersistenceType::TIMEOUT);
             if (auto sp = session.lock())
             {
                 BMCWEB_LOG_DEBUG << this

include/authorization.hpp

diff --git a/include/authorization.hpp b/include/authorization.hpp
index e32d9ad..9e344d8 100644
--- a/include/authorization.hpp
+++ b/include/authorization.hpp
@@ -78,9 +78,10 @@
     // needed.
     // This whole flow needs to be revisited anyway, as we can't be
     // calling directly into pam for every request
+    std::string unsupportedClientId = "";
     return persistent_data::SessionStore::getInstance().generateUserSession(
-        user, persistent_data::PersistenceType::SINGLE_REQUEST,
-        isConfigureSelfOnly, clientIp.to_string());
+        user, clientIp.to_string(), unsupportedClientId,
+        persistent_data::PersistenceType::SINGLE_REQUEST, isConfigureSelfOnly);
 }
 #endif
 

include/login_routes.hpp

diff --git a/include/login_routes.hpp b/include/login_routes.hpp
index 6879de0..d400559 100644
--- a/include/login_routes.hpp
+++ b/include/login_routes.hpp
@@ -136,12 +136,14 @@
                 }
                 else
                 {
+                    std::string unsupportedClientId = "";
                     auto session =
                         persistent_data::SessionStore::getInstance()
                             .generateUserSession(
-                                username,
+                                username, req.ipAddress.to_string(),
+                                unsupportedClientId,
                                 persistent_data::PersistenceType::TIMEOUT,
-                                isConfigureSelfOnly, req.ipAddress.to_string());
+                                isConfigureSelfOnly);
 
                     if (looksLikePhosphorRest)
                     {

include/sessions.hpp

diff --git a/include/sessions.hpp b/include/sessions.hpp
index 85d8ecc..a448b24 100644
--- a/include/sessions.hpp
+++ b/include/sessions.hpp
@@ -210,10 +210,10 @@
 {
   public:
     std::shared_ptr<UserSession> generateUserSession(
-        const std::string_view username,
+        const std::string_view username, const std::string_view clientIp,
+        const std::string_view clientId,
         PersistenceType persistence = PersistenceType::TIMEOUT,
-        bool isConfigureSelfOnly = false, const std::string_view clientId = "",
-        const std::string_view clientIp = "")
+        bool isConfigureSelfOnly = false)
     {
         // TODO(ed) find a secure way to not generate session identifiers if
         // persistence is set to SINGLE_REQUEST

redfish-core/lib/redfish_sessions.hpp

diff --git a/redfish-core/lib/redfish_sessions.hpp b/redfish-core/lib/redfish_sessions.hpp
index c38f102..7ed9685 100644
--- a/redfish-core/lib/redfish_sessions.hpp
+++ b/redfish-core/lib/redfish_sessions.hpp
@@ -229,8 +229,8 @@
         // User is authenticated - create session
         std::shared_ptr<persistent_data::UserSession> session =
             persistent_data::SessionStore::getInstance().generateUserSession(
-                username, persistent_data::PersistenceType::TIMEOUT,
-                isConfigureSelfOnly, clientId, req.ipAddress.to_string());
+                username, req.ipAddress.to_string(), clientId,
+                persistent_data::PersistenceType::TIMEOUT, isConfigureSelfOnly);
         res.addHeader("X-Auth-Token", session->sessionToken);
         res.addHeader("Location", "/redfish/v1/SessionService/Sessions/" +
                                       session->uniqueId);